OpenSSL Out-of-bounds read affects Kerberos ciphersuites





General Info


TC: 12106
Description: OpenSSL is a widely used library that implements SSL/TLS and cryptographic functions on many different platforms.

A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected.

Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details.
TC Impact: Gather Info
Service: http



Specific Operations and Actions:


Vulnerability Publication: March 17, 2004
Advisory Copyright: Stephen Henson and the OpenSSL Group.
Summary: A bug in OpenSSL allows a remote attacker to cause a denial of service (DoS).
Risk: Medium
CVSS 2.0 metrics:
* Access Vector: Network
* Access Complexity: Low
* Authentication: None
* Confidentiality Impact: None
* Integrity Impact: None
* Availability Impact: Partial
CVSS 2.0 Base Score: 5.0
Vulnerability Impact: Denial of Service
Host Impact: Service can be stopped.
Nature of Remediation: Update the software.
Steps required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Upgrade to OpenSSL 0.9.7d or higher.
See references for more details.



Glossary and References:


References: www.sans.org/top20/
* BUGTRAQ: 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]
http://marc.theaimsgroup.com/?l=bugtraq&m=107953412903636&w=2
* CONFIRM:
http://www.openssl.org/news/secadv_20040317.txt
* APPLE: APPLE-SA-2005-08-15
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
* APPLE: APPLE-SA-2005-08-17
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
* CISCO: 20040317 Cisco OpenSSL Implementation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
* GENTOO: GLSA-200403-03
http://security.gentoo.org/glsa/glsa-200403-03.xml
* MANDRAKE: MDKSA-2004:023
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
* NETBSD: NetBSD-SA2004-005
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
* REDHAT: RHSA-2004:120
http://www.redhat.com/support/errata/RHSA-2004-120.html
* REDHAT: RHSA-2004:121
http://www.redhat.com/support/errata/RHSA-2004-121.html
* SCO: SCOSA-2004.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
* SLACKWARE: SSA:2004-077
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
* SUSE: SuSE-SA:2004:007
http://www.novell.com/linux/security/advisories/2004_07_openssl.html
* SUNALERT: 57524
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
* TRUSTIX: 2004-0012
http://www.trustix.org/errata/2004/0012
* HP: SSRT4717
http://marc.theaimsgroup.com/?l=bugtraq&m=108403806509920&w=2
* CONFIRM:
http://docs.info.apple.com/article.html?artnum=61798
* CERT: TA04-078A
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
* CERT-VN: VU#484726
http://www.kb.cert.org/vuls/id/484726
* CIAC: O-101
http://www.ciac.org/ciac/bulletins/o-101.shtml
* BID: 9899
http://www.securityfocus.com/bid/9899
* OVAL: oval:org.mitre.oval:def:1049
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1049
* OVAL: oval:org.mitre.oval:def:928
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:928
* SECUNIA: 11139
http://secunia.com/advisories/11139
* XF: openssl-kerberos-ciphersuites-dos(15508)
http://xforce.iss.net/xforce/xfdb/15508

CVE Link: CVE-2004-0112
CVE Compatible

Glossary: Denial of Service
SSL


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All product names referenced herein are trademarks of their respective companies
